Comments 0

Document transcript

CS Bits & Bytes is a bi-weekly newsletter highlighting innovative computer science research. It is our hope thatyou will use CS Bits & Bytes to engage in the multi-faceted world of computer science to become not just a user,but a creator of technology. Please visit our website at: http://www.nsf.gov/cise/csbytes.December 3, 2012Volume 2, Issue 7CryptographyFrom online holiday shopping to emailed season’s greetings, the Internet is used to transmit vast quantities ofpersonal and financial information. Have you ever wondered what keeps your information safe? It’s all aboutcryptography!Cryptography provides techniques for securing communication in thepresence of third party adversaries. One of the fundamental problems incryptography is the need to prove an identity to perform a transaction,while also keeping that identifying information private.Luckily, computer science researchers devised a way to do this! Themethods ensure that no one listening in to the interaction between youand the recipient or even the legal recipient himself, can later pretendto be you and engage in “identity theft.” Because no secret knowledgeis revealed, this approach is called a “zero-knowledge proof.” Zero-knowledge proofs are used throughout cryptography and are crucial forsecure electronic identity verification.In practice, this is done by verification of the sender’s ability to performchallenging computations that would be impossible without knowingthe secret information— be it an account number or password. TheWho Thinks of this Stuff?! Shafrira “Shafi” Goldwasser, RSA Professor of Electrical Engineeringand Computer Science at the Massachusetts Institute of Technology (MIT), has been called one ofthe founders of modern cryptography. She co-invented zero-knowledge proofs with Silvio Micaliand Charles Rackoff in the 1980’s, and currently co-chairs MIT’s Cryptography and InformationSecurity Group. When she’s not finding new ways of protecting information, Shafi enjoys reading,swimming, and participating in a playback acting troupe.See a basic example of cryptography at:http://www.khanacademy.org/math/applied-math/crypt/v/intro-to-cryptographyMUST SEE!You can think of your password as a pair of special glassesthat distinguishes between hidden colors, and passwordverification as correctly identifying a hidden color for anotherperson without giving them your glasses!Professor Shafrira Goldwasserchallenging computations that the sender is asked to perform are chosen at random by the recipient, so it will beextremely unlikely that the same challenge would be repeated the next time the sender needs to prove its identity.Although these computations are difficult without knowing the secret information, it is easy to verify that they weredone correctly even without the secret information.The process can be illustrated using the analogy of an exchange betweentwo people, who for zero-knowledge proofs are commonly labeled as:Peggy, the prover/sender, and Victor, the verifier/recipient. Say Peggywants to convince Victor that she has special glasses (analogous to thepassword) that enable her to distinguish between colors A and B thatVictor cannot tell apart. Peggy hands to Victor two pieces of paper whichare identical to each other in all ways except that the first one is colored Aand the second is colored B. Of course, to Victor the pages look identical..Victor goes off and tosses a coin. If the coin comes up heads, he returnsto Peggy the first paper she handed to him; if the coin comes up tails, hereturns to Peggy the second paper she handed to him. In other words, if hiscoin was heads, Peggy gets the paper colored A, or, if it was tails, she getsback the paper colored B. Now Peggy uses her special glasses to tell whichcolored paper she got back, and lets Victor know if it’s colored A or B. If sheanswers correctly, Victor believes Peggy has the special glasses, otherwise he does not.Let’s dive deeper into this scenario. If Peggy did not actually have the glasses (analogously, if she did not know thepassword), there would only be a 50% chance that she’d be able to know which color page she got back since shewould have to correctly guess the outcome of Victor’s coin toss to name the right color. Even if she were able to guesscorrectly, repeating the process many times would ultimately reveal that she does not have the glasses as the chancethat she could repeatedly guess Victor’s coins would be small after a number of repetitions.It is easy for computers to repeat a verification routine many times and efficiently establish thevalidity of the Prover with an extremely high certainty, preventing impersonators from gettingthrough.CS BITS & BYTEShttp://www.nsf.gov/cise/csbytes/Please direct all inquiries to: csbitsandbytes@nsf.govNational Science FoundationComputer & Information Science & Engineering Directorate4201 Wilson Blvd Suite 1105Arlington VA, 22230Activity:In the above scenario, if Peggy does not actually have the special glasses, she has a 50/50 chance of guessing the colorcorrectly – the same odds as correctly guessing Victor’s coin flip.As a class, calculate the probability of correctly guessing the outcome of a coin flip n times in a row. Make a table onthe board.Links:Read more about the MIT Cryptography and Information Security Group at: http://groups.csail.mit.edu/cis/.An alternate explanation of zero-knowledge proofs can be found at: http://pages.cs.wisc.edu/~mkowalcz/628.pdf.A variety of cryptography games are under development at: http://www.cryptoclub.org/.n Odds of guessing correctlyevery time2-sided coin 3-sided coin1234Discussion Topic 1: How many correct outcomes in a row would Peggy need to have in order to convince you that shehas the glasses?Discussion Topic 2: What are the advantages of using a computer algorithm to carry out a zero-knowledge proof?Discussion Topic 3: What if we used glasses that can distinguish three colors from each other, which were impossiblefor Victor to distinguish (imagine a three-sided coin)?